package com.cqq.auth.shiro.filter;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

/**
 * <h3>Shiro权限验证过滤器</h3>
 *
 * <p>
 * 重写了Shiro框架自带的perms过滤器，任何一个权限满足条件则通过。
 * </p>
 * 
 * @author xijq
 * @version 1.0.0
 * 
 */
public class PermissionsAuthorizationFilter extends AuthorizationFilter {

    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
        Subject subject = getSubject(request, response);
        String[] perms = (String[]) mappedValue;

        boolean isPermitted = true;
        if (perms != null && perms.length > 0) {
        	isPermitted = false;
        	for(String perm:perms){
        		if(subject.isPermitted(perm)){
        			isPermitted = true;
        			break;
        		}
        	}
        }
        return isPermitted;
    }
}
